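<?PHP
ob_start();
session_start();
include("includes/globals.php.inc");
include("includes/functions.php");
include("lang/English.php");
if(strtolower($sxSetup['Language']) != 'english') include("lang/".$sxSetup['Language'].".php");
include("themes/$THEME_FOLDER/config.php.inc");

// Page-level gates: the form is unavailable when comments are switched off, and it may
// additionally require a logged-in user whose id is not 0 (presumably the anonymous account).
if (!$sxSetup['CommentsEnabled'])
{
	header("Location:".$sxThemeConfig['Homepage']);
	die();
}
if ($sxSetup['CommentsAuth'])
{
	if (!loggedIn())
		loginError($sxLang['LoginRequired']);
	if (($THIS_USER == 0) OR ($THIS_USER == '0'))
		loginError($sxLang['LoginRequired']);
}

// Form handling. $Submit, $name, $email, $comments, $security_code, $codeid, $rowid, $sectionid
// and $previousPage are never assigned in this file; they appear to arrive from the request
// via register_globals -- TODO confirm against includes/globals.php.inc.
if ( !empty($Submit) AND (strlen($name) > 0) AND (strlen($comments) > 0))
{
	// $sectionid is interpolated into a quoted SQL literal: escape it for the active connection
	// so a crafted value cannot break out of the quotes and change the query.
	$sqlSectionId = mysql_real_escape_string($sectionid, $Link);
	$query = "SELECT * FROM $DB_Comments_Section WHERE id='$sqlSectionId'";
	$result = mysql_query($query, $Link) or queryError("16", mysql_error());
	if(mysql_num_rows($result))
	{
		$process_form = false;
		// If form is secured, the CAPTCHA code must validate before anything is stored.
		if($sxSetup['FormSecurity'] == 1)
		{
			// Validate the code
			if(validateSecurityCode(htmlspecialchars($security_code), intval($codeid,10)) == true)
				$process_form = true;
			else
				$message = $sxLang['MessageSecurityCodeRejected'];
		}
		else
			$process_form = true;
		if($process_form)
		{
			// Values are HTML-encoded before storage (existing behaviour; the display side is
			// not in this file, so it is kept as-is).
			$name = htmlspecialchars($name);
			$email = htmlspecialchars($email);
			$comments = htmlspecialchars(strip_tags($comments));
			// htmlspecialchars() leaves single quotes (ENT_COMPAT) and backslashes untouched, so
			// the encoded values still need SQL escaping before going into the quoted literals.
			$sqlName = mysql_real_escape_string($name, $Link);
			$sqlEmail = mysql_real_escape_string($email, $Link);
			$sqlComments = mysql_real_escape_string($comments, $Link);
			$sqlRowId = mysql_real_escape_string($rowid, $Link);
			$query = "INSERT INTO $DB_Comments (name, email, comments, timestamp, rowid, sectionid) VALUES ('$sqlName', '$sqlEmail', '$sqlComments', '$NOW', '$sqlRowId', '$sqlSectionId')";
			$result = mysql_query($query, $Link) or queryError("11", mysql_error());
			if($sxSetup['CommentsApproval']){
				mail($sxSetup['AdminEmail'], $sxLangMail['SubjectCommentApproval'], $sxLangMail['CommentApproval'], "From: ".$sxSetup['AdminEmail']);
			}
			// $previousPage is client-supplied. Only a same-site relative path is followed back;
			// a value with a URL scheme, a scheme-relative "//host" prefix, a backslash (browsers
			// read "/\host" as "//host") or a CR/LF (response-header injection) falls back to the
			// configured homepage instead of turning this into an open redirect. An empty value
			// also goes to the homepage rather than emitting a blank Location header.
			$returnTo = $sxThemeConfig['Homepage'];
			$candidate = isset($previousPage) ? trim($previousPage) : '';
			if (strlen($candidate) > 0
				&& !preg_match('/^[a-z][a-z0-9+.\-]*:/i', $candidate)
				&& substr($candidate, 0, 2) != '//'
				&& strpos($candidate, '\\') === false
				&& strpos($candidate, "\r") === false
				&& strpos($candidate, "\n") === false)
				$returnTo = $candidate;
			header("Location: $returnTo");
			die();
		}
	}
	else
	{
		// The submitted section id does not exist, so this did not come from a valid comments
		// page: discard the request and return to the homepage.
		header("Location:".$sxThemeConfig['Homepage']);
		die();
	}
}
// Secure imaging: generate the CAPTCHA image (and its code id) shown in the form below.
if($sxSetup['FormSecurity'] == 1)
	$sxSecureImage = sxCreateSecurityImage();
$sxTitleAddendum = $sxLang['CommentsHeadingAdd'];
include("themes/$THEME_FOLDER/header.php");
?>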
<script language="javascript" type="text/javascript">
<!--
function submitIt(myForm){
	// Client-side convenience check only; the server tests the same two fields again.
	var fields = [myForm.name, myForm.comments];
	var emptyMessages = [
		"<?PHP echo $sxLang['GuestbookJSNameEmpty']; ?>",
		"<?PHP echo $sxLang['GuestbookJSMessageEmpty']; ?>"
	];
	for (var i = 0; i < fields.length; i++) {
		if (fields[i].value == "") {
			// Stop at the first empty field: tell the user, focus it, and cancel the submit.
			alert(emptyMessages[i]);
			fields[i].select();
			return false;
		}
	}
}
//-->
</script>
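<div class="bodyWrapper">
<h1><?PHP echo $sxLang['CommentsHeadingAdd']; ?></h1>
<?PHP echoMessage($message); ?>
<?PHP
// Every request-derived value echoed below is encoded for its HTML context right here. The
// handler at the top of the page only HTML-encodes $name/$email/$comments on the successful
// insert path, which redirects away; on a rejected security code or an incomplete submission
// they reach this template untouched, and $PHP_SELF, $rowid, $sectionid and $previousPage are
// never encoded anywhere else. ENT_QUOTES also covers single quotes inside attribute values.
?>
<form name="sxFormCommentsAdd" method="post" action="<?PHP echo htmlspecialchars($PHP_SELF, ENT_QUOTES); ?>" onsubmit="return submitIt(this)">
<table border="0" cellspacing="0" cellpadding="5">
<tr>
<td class="sxTdItem"><?PHP echo $sxLang['GeneralItemName']; ?>:</td>
<td><input name="name" type="text" id="name" maxlength="80"<?PHP if(!empty($Submit)) echo ' value="' . htmlspecialchars($name, ENT_QUOTES) . '"'; elseif(loggedIn()) echo ' value="' . htmlspecialchars($_SESSION['firstname'] . ' ' . $_SESSION['lastname'], ENT_QUOTES) . '" readonly="readonly"'; ?> /></td>
</tr>
<tr>
<td class="sxTdItem"><?PHP echo $sxLang['GeneralItemEmail']; ?>:</td>
<td><input name="email" type="text" id="email" maxlength="80"<?PHP if(!empty($Submit)) echo ' value="' . htmlspecialchars($email, ENT_QUOTES) . '"'; elseif(loggedIn()) echo ' value="' . htmlspecialchars($_SESSION['email'], ENT_QUOTES) . '" readonly="readonly"'; ?> /></td>
</tr>
<tr>
<td class="sxTdItem"><?PHP echo $sxLang['CommentsItemComments']; ?>:</td>
<?PHP // Text content of the textarea: encoding prevents a stray "</textarea>" from ending the element. ?>
<td><textarea name="comments" id="comments" style="width:300px;height:200px;"><?PHP if(!empty($Submit)) echo htmlspecialchars($comments); ?></textarea></td>
</tr>
<?PHP if($sxSetup['FormSecurity'] == 1){ ?>
<tr>
<td class="sxTdItem"> </td>
<td><img src="<?PHP echo $sxSecureImage['url']; ?>" /><br/><?PHP echo $sxLang['GeneralItemSecureCase']; ?></td>
</tr>
<tr>
<td class="sxTdItem"><?PHP echo $sxLang['GeneralItemSecureCode']; ?></td>
<td><input name="security_code" type="text" id="security_code" maxlength="255" />
<input type="hidden" name="codeid" value="<?PHP echo $sxSecureImage['codeid']; ?>" /></td>
</tr>
<?PHP } ?>
<tr>
<td> </td>
<td>
<?PHP // Round-trip values: they come straight from the request, so they are attribute-encoded. ?>
<input type="hidden" name="rowid" value="<?PHP echo htmlspecialchars($rowid, ENT_QUOTES); ?>" />
<input type="hidden" name="sectionid" value="<?PHP echo htmlspecialchars($sectionid, ENT_QUOTES); ?>" />
<input type="hidden" name="previousPage" value="<?PHP echo htmlspecialchars($previousPage, ENT_QUOTES); ?>" />
<input type="submit" name="Submit" class="sxButton" value="<?PHP echo $sxLang['CommentsButtonLeave']; ?>" /></td>
</tr>
<?PHP if($sxSetup['CommentsApproval'] == 1){ ?>
<tr>
<td valign="top"> </td>
<td><?PHP echo $sxLang['CommentsApprovalMessage']; ?></td>
</tr>
<?PHP } ?>
</table>
</form>
</div>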
<?php
// Emit the theme footer, then flush the output buffer opened by ob_start() at the top of the page.
include "themes/{$THEME_FOLDER}/footer.php";
ob_end_flush();
?>